Skip to main content

Data Privacy Requests

Important

Information and features vary according to the roles to which you belong and the permissions associated with those roles. For more information, contact your module manager or your campus support team.

The Data Privacy Requests page displays data privacy requests submitted by users and other constituents whose data is stored in your system. The requests are shown in the order they were received, and the table is filtered to pending requests by default. You can change how the data is filtered using the menu on the left side of the page. You can also sort any of the columns in ascending or descending order.

Included in the data privacy requests table are the requester's name, the request category, and the verification status. Click the plus sign next to the name to view additional information and make changes. New requests can be created by staff from this page or they may be received via an online form available on your Campus Portal.

Manage Data Privacy Requests

To access the Data Privacy Requests page and view the various requests, a user must have the Can manage data privacy requests permission turned on. The Common Processes role is required to manage these permissions.

Download Data

To download data privacy requests to an Excel file, a user must have the Can download data permission turned on.

Forget Data

A user must have the Forget Data permission turned on before they can use the Forget Data action to fulfill a request.

Caution

The Forget Data action permanently deletes and anonymizes data and cannot be reversed. For this reason, it's recommended that schools limit the number of users who have access to this permission.

Students, alumni, and other individuals who have records in Jenzabar One may submit a request to access the data your institution has on them. Failure to provide this access may violate the Family Educational Rights and Privacy Act (FERPA) if your school is in the US or the General Data Protection Regulation (GDPR) if your school is located in the EU.

To fulfill a data access request, use the Actions menu to Download data for the user. The system will generate a zipped folder that includes a text file for each table that contains records pertaining to the user who made the request.

Warning

If you receive a data access request from a student through a phone call or in person rather than through the J1 portal or an official school email account, it's wise to verify the person's ID before providing them access to any data. The verification tracking feature can be useful in these instances to ensure that data is only given to a person who has the right to access it. Verification occurs outside of Jenzabar One and the process can vary by intuition.

FERPA and GDPR regulations offer set guidelines that may require schools to delete and anonymize data in response to a request from a former student. The Forget Data Request feature facilitates that process.

Tip

Before attempting to forget a user's data, select Generate data report under the Actions menu to create a data report for the user. You can use the data report as a starting point to verify whether or not the person’s data can be anonymized easily. For example, if the person's information is only in the Admissions-related tables, you may be able to honor their request without doing additional research. However, if their data is in tables that are important to a variety of offices on campus, you should check with those other offices to see if there is any reason you cannot honor their request.

To fulfill a forget data request, use the Actions menu and select Forget data. Running the Forget Data option for a person removes data with personally identifying information (PII) that is not necessary to the running of the system and anonymizes any PII data elements for records that should not be removed from the system. The records that are not removed include, for example, course history information required for governmental reporting purposes.

Warning

Individuals who request to have their data forgotten should be warned that removing their data prevents them from accessing any of their data in the future. For example, a student would not be able to request a transcript to be sent to another institution after their data has been forgotten. Additionally, individuals should be notified that your school has a right to deny their request if there is a business reason to keep their data. A student who still owes money to your school, for example, can have their Forget Data request be denied.

Danger

The forget data process is permanent and cannot be reversed. Always ensure that this process is only run after you have verified the identity of the person making the request and warned them that their deleted and anonymized data cannot be recovered.

Upon completion of the process to forget a person's data, the status for the selected Forget Data request row will be marked Completed, and the Status Last Updated On and Status Last Updated By fields will be updated. If you click the Deny Request button, the selected Forget Data request will be marked Denied, and the Status Last Updated On and Status Last Updated By fields will be updated. In both of these scenarios, if you are viewing only the pending requests, the currently selected request will be removed from the list because its status will no longer be pending.

  1. From the Core Processes hub, expand the Data Privacy menu and select Requests. Current data privacy requests are displayed in the Requests table. By default, only requests with a Pending status are displayed.

  2. You can filter the table using the Request Filter menu to the left of the page. To add a new filter, click any checkbox and either select a value from the drop-down menu or type a value. Click Apply to update the list based on your selection.

    Data_Privacy_Requests_1.png
  3. You can remove filters by unchecking a filter that's currently checked. You can also click Clear all to remove all filters. Click Apply to see the changes in the table.

  4. If you have a set of filters that you use often, you can save that filter set to make it easier to recall later. Select the filters you want to add and click Save as. For example you may want to see all pending requests that are unverified.

  5. Name the filter set and check the Set as default box if you want this to be the first set of filters you see every time you return to the page. Click Save to complete the process and create the new filter set.

  6. Once you have saved a filter, you'll be able to select it from the Saved Filters menu that will now be visible on the page. You can edit or delete a filter set you've created by clicking the Edit button.

    Data_Privacy_Requests_2.png
  7. The Reset filters button allows you to quickly return to the default filter state with the the Request Status filter turned on and the Pending option selected.

  8. You can hide the filter box using the X in the upper right-hand corner of the box. To make the box visible again, click the filters applied link in the upper left-hand corner of the screen just under the Data Privacy section title.

  9. The table data can also be sorted in ascending or descending order using the up and down arrows next to each column heading. Click the arrows once to sort in ascending order. Click the icon again to switch to descending order.

  1. Click the green Create request button.

    Data_Privacy_Requests_6.png
  2. A new window titled Create Data Privacy Request will open. In the Requester field, begin typing the name of the person making the request. The field creates a list of search results as you type.

  3. Once you've located the correct requester, click on the person's name to select them. If you select the wrong person by mistake, you can click the X to remove the name and search again.

  4. Select a Request Category. The three options are: Access Data, Forget Data, and Update Consent. See the Types of Requests section above for more information on each of these.

    Data_Privacy_Requests_3.png
  5. Select a Request Source from the drop-down list. This specifies how the request was made.

    Data_Privacy_Requests_4.png
  6. Add optional Requester Comments. These can be helpful for other staff members if the requester provided an explanation for their request.

  7. Click Create request if you only need to add one request at this time or click Save and create another if you would like to add additional requests.

    Data_Privacy_Requests_5.png
  1. Navigate to Data Privacy Requests under the Processes Hub.

  2. Locate the request you want to edit in the Requests table. You can use the request filters on the left of your screen to make this easier. You can also sort any column in ascending or descending order using the arrows next to the column title.

  3. Once you've located the record that you want to edit, click the + button next to the user's name to expand the request record and view additional details.

    Data_Privacy_Requests_7.png
  4. Click the edit icon next to the Request Source, Requester Comments, or Processor Verifier Comments values to add or change existing details. The request source tells you how the request was made. The requester comments convey additional information from the person making the request. The processor/verified comments field is typically used by staff members to add justification for why the request should or should not be fulfilled.

    Data_Privacy_Requests_8.png
  5. Once you've selected a new request source value or added/edited comments, click Save to save your changes.

    Data_Privacy_Requests_9.png
  1. Before fulfilling a data access request, ensure that you have verified the identity of the person who will be receiving the data. Verification occurs outside of Jenzabar One and the process can vary by intuition.

  2. Once you've verified that the person making the request is the owner of the data or someone else who is authorized to access it, click the Actions button for the request you wish to fulfill and select Verified to verify the request. The J1 system won't allow you to move on to the next step until you have verified the request.

    Data_Privacy_Requests_10.png
  3. Click the Actions button again and select Download data. The system generates a zipped folder that includes a text file for each table that contains records pertaining to the user who made the request.

    Data_Privacy_Requests_11.png
  4. You'll see a warning on your screen reminding you to use a secure network to download and share the data and to keep any physical copies that you may print in a secure location. Click OK to continue.

  5. Share the folder you downloaded with the requester. You can send them the files through their school account or other verified email account.

  6. The request is automatically marked as Completed and disappears from your list if you're viewing only pending items.

  1. Before fulfilling a forget data request, ensure that you have verified the identity of the person who will be receiving the data.

  2. Once you've verified that the person making the request is the owner of the data or someone else who is authorized to access it, click the Actions button for the request you wish to fulfill and select Verified to verify the request. The J1 system won't allow you to move on to the next step until you have verified the request.

    Data_Privacy_Requests_10.png
  3. Click the Actions button and then click Forget Data.

  4. You'll see a warning on your screen informing you that this process cannot be reversed. Do not continue the process unless you are absolutely sure that the data being anonymized will not be needed in the future.

    Danger

    Once data has been deleted and anonymized using the Forget Data, it cannot be recovered.

  5. Click Forget Data to finalize the process.

    Data_Privacy_Requests_13.png
  6. All data with personally identifying information (PII) that is not necessary to the running of the system will now be removed. Any PII data elements for records that should not be removed from the system will be anonymized, meaning the identifying information is replaced so the individual who made the request is not tied to these records in any way.

  7. The request is automatically marked as Completed and will disappear from your list if you're viewing only pending items.

  1. Some Jenzabar One users may wish to have a record of data privacy requests that they can work with outside of the system or share with other staff members. The J1 system makes this easy to accomplish. Begin by navigating to Data Privacy Requests under the Processes Hub.

  2. Select the request records that you wish to export using the checkboxes in the Requests table. Keep in mind that you can filter this table using the Request Filter menu on the right. The Check All box at the top of the checkbox column makes it easy to make mass changes. It applies every page displayed with the current filter set.

    Data_Privacy_Requests_1.png
  3. Once you've selected the request records that you wish to include, click the Options menu in the upper right-hand corner of the table and select Download to Excel.

    Data_Privacy_Requests_14.png
  4. A new menu window will open, offering you the option to customize your spreadsheet.

  5. In the Workbook Creation Options menu, choose whether you want the spreadsheet to have One worksheet, Multiple worksheets, or Multiple workbooks. A workbook is the spreadsheet file itself. Worksheets are the tabbed pages in the spreadsheet that you can switch between from the bottom left of your Excel window.

  6. If you chose the multiple worksheets or multiple workbooks option, choose a column to separate the Separate Sheets By. For example, if you choose Request Category, every request with the same request category will be included in one worksheet or workbook and requests with a different category will be grouped together in additional worksheets or workbooks.

  7. The Workbook Format options offer helpful additions to the spreadsheet that make it easier to use and save you time. If the Autofit columns box is checked, column sizes will automatically adjust to display the full text of the field with the most text. Check Turn on filtering to add the filter icon to each column in the spreadsheet and make it easy to filter. The Freeze top row setting keeps the column headers from moving when the spreadsheet data is sorted. The Show totals for numeric columns setting does not apply to this spreadsheet since there are no numeric columns. You can leave it checked or uncheck it and it will not change the file.

  8. Finally, choose the Columns to Include. By default, all columns are included, but you can exclude any column that you don't need in the spreadsheet by unchecking the corresponding box. Use the Check All button to make mass changes.

  9. Click Download to download the spreadsheet to your local computer.

    Data_Privacy_Requests_15.png

To add comments to a request, click the + to expand the row. Then click the pencil next to the Processor/Verifier Comments field and add your comments.

No, you cannot delete an existing request. This is to preserve the history of users’ data privacy requests.

If you fulfill an update consent request that should have been denied, you can create a new request with the same consent types to reverse the changes. Or you can simply remove any holds that were added manually. Forget data requests cannot be reversed.

CUST_DataPrivacy_Anonymize_Data_PRE is called at the beginning of the Jenzabar provided stored procedure before any deletes or updates occur for our standard tables, while CUST_DataPrivacy_Anonymize_Data_POST is called at the end of the standard anonymize process. Both PRE and POST SPs are passed the ID_NUM as the only parameter.